iptables

Preface Hi together, this thread is highly connected to the issue I explained here: Connected issue I think it has the same root cause but since I got no answer there I tried to narrow down the problem, reframe it. So now I have a different symptom that is based on a more "common" scenario, that...

Hi everybody, I am struggeling with a problem where I did not figure out yet if it is a "basic" networking problem or something that has to do with my SDN configuration. The setup is the following: I have two VEs (192.168.2.10 and .11) coupled as a cluster. Within this cluster there is an...

I am trying to port foward HTTP:80 to IP: 24.12.3.250 I can access my website from 24.12.4.250 since it on the internal network shown below, but when its time to access it from outside the private network I can't access it. (The unnamed router at the top is my home network with the subnet...

Hello, I'm experiencing a pretty strange connection issue when connected to the second vpn VM (wireguard). I got two proxmox nodes, each do have a VM with wireguard, a VM with a dns server, a VM with traefik proxy, both nodes have the same etc/network/interfaces files. Both wireguard VMs are...

This is my current network setup on host one (vm01). I have a public network available over vmbr0 and a private network connected to a nic over vmbr1 (used for cluster traffic and VM private network via a vlan). Now I want to NAT the vlan onto vmbr0 so that the vms can have limited internet...

I have the current setup, which after two days of trying should be correct. I can't get the iptables nat config to redirect traffic from either my vlan or the interface vmbr1 at all. At this point I can't see any other option... auto lo iface lo inet loopback iface enp2s0f0 inet manual iface...

I don't know when this issue started, but I have IPv6 disabled via grub by using "ipv6.disable=1" on GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. My syslog is being flooded with the following messages: Nov 19 10:53:24 pve pve-firewall[1053]: status update error: iptables_restore_cmdlist...

Hi, I have created my own LOG chains for specific rules added for each guest. My first question is how can I log in separate log file like PVEFW does per guest? Currently all logs go into the Node's firewall log. Second question is, how can I format the log output to be similar to PVEFW? At...

I`m trying to add some custom iptables rules (like connlimit) for guest machines. Example rule is: -A tap101i0-IN -p tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset As seen tap101i0 is the vm 101 adapter. The rule has no effect, I...

I'm having a really hard time trying to add and keep some custom iptables rules. Reading across several threads, iptables-persistent came to light. With that being said I have installed it with apt-get install -y iptables-persistent and all the rules got saved into the corresponding files...

Hi, After checking quite a few articles found here and on some other websites, it's still not clear for me how one can add custom IPTables rules for each VM. Checking the current host with just one VM at the moment I can see: -A tap100i0-IN -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A...

UBUNTU-VM acts as a router to route traffic over wireguard (UBUNTU-VM is within a proxmox VE). NAS is an old WD EX2, which is not on wireguard, traffic from it passes through the proxmox UBUNTU-VM. The problem is that bandwidth from NAS going outside to VPS is very slow, only 300KB/s (transfer...

I'm trying to set up Proxmox VE firewall rules; except those rules don't seem to do anything on CT level. I had enabled firewalling at: Datacenter level PVE level CT's vNIC (net0) level CT level ^ The minute I enable firewalling completely, I can see that all the incoming connections are...

Hello! I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies. I managed to block through Suricata the situation in which a client scans a certain IP...

Edit: Solution Hi, I have for a couple of days tried to replicate in Proxmox my bare-metal Debian router setup that serves DHCP and DNS through dnsmasq for my LAN machines. Problem is that I can't get my Ubuntu container to connect to internet no matter what I put in /etc/network/interfaces...

Hiii guys, new Proxmox user here. One of those port forwarding questions which has come up already a couple of times, but still, something seems to be missing. I've installed proxmox 7.1-12 on a dedicated server (one public ip). Now I'm trying to setup ssh port forwarding to a VM. I've seen...

Hello Who can help with understanding such question. I have two VM with private ip addresses. One of them have rules to allow access by several ports from outside to public ip of the Proxmox. So rules work - I have access to VM from outside. iptables -t nat -A PREROUTING -p tcp -d 116.XXX.XXX.99...

Hello everyone, according to WIKI the suricata integration take place under /etc/pve/firewall/<VMID>.fw, and the rule will be automatically added to the iptables . It is exactly my case however i am not receiving alerts at Suricata. this is how the rule looks like: 2 NFQUEUE all --...

I am actually trying to link Pve-IPS output to suricata. I am running suricata using the NFQ mode and im sending traffic to suricata with the gateway-scenario using the following cmd: # iptables -I FORWARD -j PVEFW-IPS The problem is every time i restart the host the added rule is gone (-A...

So I have this set up: I can ping other VMS on the same network but cannot access the internet. a few days ago I could when I set up a VM bride for testing purposes but now I cannot I do think it is due to some routing issues any input would be recommended I do not know too much about...